Actually, a lot of studies indicate internal threats are more dangerous than hackers. Whether they're simply making mistakes (like sending PHI in unencrypted ways or leaving unsecured laptops where they can be stolen) or disgruntled and malicious, employees cause most data losses and breaches. Hackers get the headlines and have the potential to do untold amounts of damage if they crack the databases of hospitals, insurers, or government agencies like Medicare. CSOs and their teams have to protect against all forms!

Sure, every job posting has a long list of ideal specifications, but you'd certainly hope the Chief Security Officer would be very strong and knowledgeable in security. If s/he is also knowledgeable in healthcare, well, that's great -- but undoubtedly, that exec also will demand a higher salary than a similar pro without healthcare expertise. We all start in any industry without much knowledge but we learn the terms, the slang, and everything else that makes one business different from another. A CSO -- a good CSO -- is driven hard to do just that. Thinking a CSO without healthcare experience will fail is extremely shortsighted. Knowing security is much more important than knowing the vertical, whichever vertical you're talking about, no matter how 'different' a board thinks it is.

According to where the future is leading us, I think health care centers should already be working on how to improve their I.T. security issues. Hacking may be the greatest threat as far as data security is concerned, but there is always something that can be done about this. I am just scared for them because if they cannot assure the public about their security now, when will they do it, because some organizations are not threatened at all by hackers and insecurity issues. They can borrow ideas, I think.

The most idiotic requirement is that experienced security personnel also have experience in healthcare. Note to HR staff: Ain't gonna happen! In fact, the very definition of a purple squirrel is the "perfect" candidate who has the requisite dozen years plus work history that blends a wishlist of idealized employment history compiled by the largely clueless HR department and/or Administrator/D.O.N. Until hospitals realize that RNs and other medical personnel won't also be I.T. security pros, the data breaches/HIPAA violations will continue.
